DI-4001 (01/2015) 
U.S. Department of the Interior 


U.S. Department of the Interior 
PRIVACY IMPACT ASSESSMENT 





Introduction 


The Department of the Interior requires PIAs to be conducted and maintained on all IT systems whether already in 
existence, in development or undergoing modification in order to adequately evaluate privacy risks, ensure the protection of 
privacy information, and consider privacy implications throughout the information system development life cycle. This PIA 
form may not be modified and must be completed electronically; hand-written submissions will not be accepted. See the DOI 
PIA Guide for additional guidance on conducting a PIA or meeting the requirements of the E-Government Act of 2002. See 
Section 6.0 of the DOI PIA Guide for specific guidance on answering the questions in this form. 


NOTE: See Section 7.0 of the DOI PIA Guide for guidance on using the DOI Adapted PIA template to assess third-party 
websites or applications. 




















Name of Project Date 

Federal Financial System (FFS) Decommissioning 09-29-2016 
Bureau/Office Bureau/Office Contact Title 

Financial Management Directorate (FMD) Customer Support Branch 
Point of Contact Email First Name M.I. Last Name Phone 
John_maye@ibc.doi.gov John Maye (703) 487-0891 





























Address Line 1 
12201 Sunrise Valley Drive 


Address Line 2 














City State/Territory Zip 
Reston Virginia 20192 


























Section 1. General System Information 


A. Is a full PIA required? 





Yes 











Yes, information is collected from or maintained on 








Federal personnel and/or Federal contractors 








B. What is the purpose of the system? 





The Federal Financial System (FFS) was a mainframe based commercial-off-the- shelf software (COTS) which provided 
a standardized, automated capability for performing administrative control of funds, general accounting, billing and 
collecting, payments, management reporting, and regulatory reporting. It consisted of a “core” system that supports 
primary financial accounting and reporting processes, and several optional modules/subsystems for specific operational 
and administrative management functions. 
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FFS is now decommissioned, with proper disposition of the software, hardware and data. 


Software: FFS is a mainframe based commercial off the shelf software (COTS). The FFS 

software libraries for baseline CORE and DOI specific software libraries were copied onto on a 3580 magnetic cartridge 
tape. Each DOI bureau or organization was responsible for maintaining data based on required Financial system data 
retention methodology. Archived software and documentation for FFS would be stored offsite at the Federal Records 
Center (FRC), and the associated National Archives and Records Administration (NARA) Accession Number is: 
PT-048-2015-0096. 


Hardware: FFS was used on the DOI mainframe, and there are no associated hardware to decommission. 


Data: Each bureau or organization was responsible for maintaining data based on required Financial system data 
retention methodology. Some organizations relied on maintaining magnetic tape copies of the FFS monthly journals, 
stored at an off-site storage facility. Some bureaus chose to import the FFS legacy data onto in-house or agency 
maintained Oracle reporting databases, and other bureaus, including the Bureau of Land Management (BLM), Office of 
the Secretary and Departmental Offices, U.S. Geological Survey (USGS), Bureau of Indian Affairs (BIA), National Park 
Service (NPS), Fish and Wildlife Service (FWS), and Bureau of Reclamation (BOR) incorporated the legacy data into the 
Financial Business and Management System (FBMS). For further information of FBMS, please see the FBMS Cloud PIA. 


FWS owns the FWS Data Warehouse (FFS DW) subsystem, which is no longer hosted in FFS and is being maintained 
separately by the DOI Office of the Chief Information Officer (OCIO) under a litigation hold for FFS data (Crab Orchard 
Site 14 Litigation Hold) as the reporting database contains the data necessary to support the litigation. FWS will conduct 
a separate PIA if required for any use or changes to the FFS DW. 





C. What is the legal authority? 


The Office of Management and Budget Circular A-127, Policies and Standards for Financial Management Systems. This 
Circular is issued pursuant to the Chief Financial Officers Act (CFSs Act) of 1990, P.L. 101-576 and the Federal 
Managers’ Financial Integrity Act of 1982, P.L. 97-255- (31 U.S.C 3512 et seq.), and 31 U.S. C. Chapter 11. 








D. Why is this PIA being completed or modified? 








Retiring or Decommissioning a System 





E. Is this information system registered in CSAM? 





Yes 


Enter the UII Code and the System Security Plan (SSP) Name 
010-000000315; Federal Financial System System Security Plan 




















F. List all minor applications or subsystems that are hosted on this system and covered under this privacy impact 
assessment. 


Subsystem Name Purpose Contains PII Describe 
FFS Data Warehouse (FFS Reporting database populated Yes The same PII is in the DW that 
DW) nightly with current FFS data for is in the main application 


reporting purposes. 


G. Does this information system or electronic collection require a published Privacy Act System of Records Notice (SORN)? 





Yes 


List Privacy Act SORN Identifier(s) 


FFS records are covered under DOI-90, Federal Financial System, system of records notice. DOI-90 will be retired 
upon completion of decommissioning procedures and disposal as appropriate. Records incorporated into FBMS are 
covered under DOI-85, Payroll, Attendance, Retirement, and Leave Records; DOI-86, Accounts Receivable: FBMS; 
DOI-87, Acquisition of Goods and Services: FBMS; and DOI-88, Travel Management: FBMS. DOI SORNs may be 
viewed on the DOI SORN page at https:/Awww.doi.gov/privacy/sorn. 























H. Does this information system or electronic collection require an OMB Control Number? 
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Section 2. Summary of System Data 


A. What PII will be collected? Indicate all that apply. 





Name 








Citizenship 








Gender 
|_| Birth Date 
Group Affiliation 














[C] Marital Status 








Biometrics 

Other Names Used 
Truncated SSN 

Legal Status 

|_| Place of Birth 

Other 

Specify the PII collected. 









































Religious Preference 








Security Clearance 








Spouse Information 








Financial Information 





Medical Information 





Disability Information 
Credit Card Number 


Law Enforcement 




















Education Information 








Emergency Contact 








Driver’s License 
Race/Ethnicity 










































































Social Security Number (SSN) 
Personal Cell Telephone Number 
Tribal or Other ID Number 


|_| Personal Email Address 


Mother’s Maiden Name 


[_] Home Telephone Number 


Child or Dependent Information 
Employment Information 
Military Status/Service 


Mailing/Home Address 








FFS is now decommissioned and is no longer used to collect or maintain any data. 





B. What is the source for the PII collected? Indicate all that apply. 





Individual 

















Federal agency 


Describe 


FFS is now decommissioned and is no longer used to collect or maintain any data. 























Tribal agency 

















Local agency 


DOI records 
Third party source Other 




















State agency 





C. How will the information be collected? Indicate all that apply. 








Paper Format 
































Describe 





Face-to-Face Contact Fax 














Email Web Site Other 








Telephone Interview 

















Information Shared Between Systems 





FFS is now decommissioned and is no longer used to collect or maintain any data. 


D. What is the intended use of the PII collected? 





FFS is now decommissioned and is no longer used to collect or maintain any data. 








Within the Bureau/Office 


Other Bureaus/Offices 

















Describe the bureau or office and how the data will be used. 


E. With whom will the PII be shared, both within DOI and outside DOI? Indicate all that apply. 








Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any data. 














Other Federal Agencies 
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Tribal, State or Local Agencies 








Contractor 
Other Third Party Sources 














F. Do individuals have the opportunity to decline to provide information or to consent to the specific uses of their PII? 


No 














State the reason why individuals cannot object or why individuals cannot give or withhold their consent. 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any data. 











G. What information is provided to an individual when asked to provide PII data? Indicate all that apply. 





























Privacy Act Statement Privacy Notice Other None 




















H. How will data be retrieved? List the identifiers that will be used to retrieve information (e.g., name, case number, etc.). 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any data. 











|. Will reports be produced on individuals? 





No 











Section 3. Attributes of System Data 


A. How will data collected from sources other than DOI records be verified for accuracy? 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any data. 











B. How will data be checked for completeness? 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any data. 





C. What procedures are taken to ensure the data is current? Identify the process or name the document (e.g., data models). 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any data. 











D. What are the retention periods for data in the system? Identify the associated records retention schedule for the records 
in this system. 


FFS records were maintained under Departmental Records Schedule DAA-0048-2013-0001-0011, which has been 
approved by NARA: Long-term Financial and Acquisition Records are cut off at end of fiscal year in which files are 
closed, and files can be destroyed 7 years after cutoff. The cutoff in this case will be the year in which the bureau 
customer data was migrated to FBMS or magnetic tapes were stored at offsite storage facility. Archived software and 
documentation are stored off-site according to FFS associated NARA Accession Number PT-048-2015-0096, which 
covers unclassified information in FFS. 





Each bureau or organization has responsibility for maintaining data based on required Financial system data retention 
methodology. 





E. What are the procedures for disposition of the data at the end of the retention period? Where are the procedures 
documented? 





FFS is now decommissioned and no longer maintains data. Each bureau or organization is responsible for maintaining 
and disposing of records based on records retention schedules and Financial system data retention methodology. 
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Approved disposition methods include shredding or pulping for paper records, and degaussing or erasing for electronic 
records, in accordance with NARA Guidelines and 384 Departmental Manual 1. 





F. Briefly describe privacy risks and how information handling practices at each stage of the “information lifecycle” (i.e., 
collection, use, retention, processing, disclosure and destruction) affect individual privacy. 





FFS is now decommissioned, with proper disposition of the software, hardware and data, as aforementioned. Financial 
data migrated from FFS into FBMS is protected through the administrative, technical and physical controls that have 
been implemented for FBMS and its hosting environment. Please see the FBMS Cloud PIA for analysis of privacy risk 
and mitigating privacy controls. 





Section 4. PIA Risk Review 


A. Is the use of the data both relevant and necessary to the purpose for which the system is being designed? 


No 














B. Does this system or electronic collection derive new data or create previously unavailable data about an individual 
through data aggregation? 


No 





C. Will the new data be placed in the individual's record? 


No 








D. Can the system make determinations about individuals that would not be possible without the new data? 


No 











E. How will the new data be verified for relevance and accuracy? 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any 
data. 








F. Are the data or the processes being consolidated? 





No, data or processes are not being consolidated 








G. Who will have access to data in the system or electronic collection? Indicate all that apply. 


















































Users Developers System Administrator 
Contractors Other 
Describe 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any 
data. 








H. How is user access to data determined? Will users have access to all data or will access be restricted? 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any 
data. 








|. Are contractors involved with the design and/or development of the system, or will they be involved with the maintenance 
of the system? 


No 














J. Is the system using technologies in ways that the DOI has not previously employed (e.g., monitoring software, 
SmartCards or Caller ID)? 


No 
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K. Will this system provide the capability to identify, locate and monitor individuals? 


w 


L. What kinds of information are collected as a function of the monitoring of individuals? 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any 
data. 





M. What controls will be used to prevent unauthorized monitoring? 





Not applicable. FFS is now decommissioned and is no longer used to collect or maintain any 
data. 











N. How will the PII be secured? 
(1) Physical Controls. Indicate all that apply. 




























































































Security Guards Secured Facility Identification Badges Combination Locks 
Key Cards Closed Circuit Television Safes Locked Offices 
Locked File Cabinets Cipher Locks Other 

Describe 





FFS is now decommissioned and is no longer used to collect or maintain any data. The DOI FFS customer bureaus 
migrated their data into FBMS, the Department-wide financial management system. Please see the FBMS Cloud PIA 
for analysis of privacy risk and mitigating controls. 





(2) Technical Controls. Indicate all that apply. 












































Password [_] Intrusion Detection System (IDS) 

Firewall [_] Virtual Private Network (VPN) 

Encryption [_] Public Key Infrastructure (PKI) Certificates 

User Identification [x] Personal Identity Verification (PIV) Card 
|_| Biometrics 

Other 

Describe 





FFS is now decommissioned and is no longer used to collect or maintain any data. The DOI FFS customer bureaus 
migrated their data into FBMS, the Department-wide financial management system. Please see the FBMS Cloud PIA 
for analysis of privacy risk and mitigating controls. 

(3) Administrative Controls. Indicate all that apply. 












































Periodic Security Audits ><] Regular Monitoring of Users’ Security Practices 

Backups Secured Off-site ><] Methods to Ensure Only Authorized Personnel Have Access to PII 
Rules of Behavior X Encryption of Backups Containing Sensitive Data 

Role-Based Training X] Mandatory Security, Privacy and Records Management Training 
Other 

Describe 





FFS is now decommissioned and is no longer used to collect or maintain any data. The DOI FFS customer bureaus 
migrated their data into FBMS, the Department-wide financial management system. Please see the FBMS Cloud PIA 
for analysis of privacy risk and mitigating controls. 








O. Who will be responsible for protecting the privacy rights of the public and employees? This includes officials responsible 
for addressing Privacy Act complaints and requests for redress or amendment of records. 


The FFS Information System Owner is responsible for oversight and management of the FFS and ensuring adequate 
security and privacy controls are implemented during the decommission process. The FFS Information System Owner 
and the FFS Privacy Act System Manager are responsible for ensuring adequate safeguards are implemented to protect 
individual privacy in compliance with Federal laws and policies for the use and decommissioning of FFS, and are 
responsible for addressing complaints or requests in consultation with DOI privacy officials. However, FFS is now 
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decommissioned and is no longer used to collect or maintain any data. DOI FFS customer bureaus migrated their data 
into FBMS, the Department-wide financial management system. The FFS system notice will be retired upon completion 
of decommissioning procedures. Please see the FBMS Cloud PIA for analysis of privacy risk and mitigating controls. 





P. Who is responsible for assuring proper use of the data and for reporting the loss, compromise, unauthorized disclosure, or 
unauthorized access of privacy protected information? 





The FFS Information System Owner is responsible for oversight and management of the FFS security and privacy 
controls, and reporting any potential compromise or unauthorized access in accordance with Federal policy and 
established procedures. However, FFS is now decommissioned and is no longer used to collect or maintain any data. 
DOI FFS customer bureaus migrated their data into FBMS, the Department-wide financial management system. Please 
see the FBMS Cloud PIA for analysis of privacy risk and mitigating controls. 
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